<?
/*==========================================================================*\
| AGRIVIET - CONTENT MANAGEMENT SYSTEM
\*==========================================================================*/

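// Bulk delete: remove every administrator whose checkbox was ticked in the list form.
// NOTE(review): no anti-CSRF token and no session/permission check is visible in this
// file; presumably the including script authenticates the request - confirm.
	if (isset($_POST['ButDel'])) {
		// chk[] must be an array of ids; anything else is treated as "nothing selected".
		if (isset($_POST['chk']) && is_array($_POST['chk'])) {
			$cnt = 0;
			foreach ($_POST['chk'] as $id) {
				// Each value is request data: skip nested arrays and escape the value
				// before it is placed inside the quoted SQL literal.
				if (!is_scalar($id)) {
					continue;
				}
				$safeId = mysql_real_escape_string((string) $id);
				// Warnings stay suppressed, as in the original, so a DB failure is not printed.
				$result = @mysql_query("delete from administrators where id='" . $safeId . "'");
				if ($result) {
					$cnt++;
				}
			}
			// Reload the list through a client-side redirect.
			echo "<script>window.location='./?act=admin'</script>";
			// $cnt counts the successful deletes; it is not displayed (the confirmation
			// message that used it was already commented out).
		} else {
			$err = '<div class="red">Please select admin username to delete!</div>';
		}
	}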

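// Edit mode: load the administrator row named by ?id= so the form further down can be pre-filled.
if (isset($_GET['go']) && $_GET['go'] == 'edit' && isset($_GET['id']) && is_scalar($_GET['id'])) {
	// id comes straight from the query string, so it is escaped and quoted rather than
	// concatenated raw into the statement.
	$sql = mysql_query(
		"SELECT * FROM administrators WHERE id='" . mysql_real_escape_string((string) $_GET['id']) . "'"
	);
	// $r stays unset when the query fails and is false when no row matches;
	// readers of $r must check before dereferencing it.
	if ($sql) {
		$r = mysql_fetch_object($sql);
	}
}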

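 // Create/update handler for the administrator form (submit button "butSub").
 // NOTE(review): no anti-CSRF token is checked before the account table is changed,
 // and no permission check is visible in this file - confirm the including script does both.
 if (!empty($_POST['butSub'])) {
	 // db_prepare_input() and encrypt_password() are defined outside this file.
	 // NOTE(review): $username and $newspass are concatenated into the statements below;
	 // confirm db_prepare_input() escapes for SQL string context, and that
	 // encrypt_password() is a salted, slow password hash whose output is SQL-safe.
	 $username = db_prepare_input($_POST['txtUser']);
	 $password = db_prepare_input($_POST['txtPwd']);
	 $newspass = encrypt_password($password);
	 $hasPassword = isset($_POST['txtPwd']) && $_POST['txtPwd'] != '';
	 $sql = null;

	 if (!empty($_POST['oldid'])) {
		 // Updating an existing row. oldid is a hidden form field, i.e. request data:
		 // escape it before it goes inside the quoted literal.
		 $oldid = $_POST['oldid'];
		 $safeOldId = mysql_real_escape_string(is_scalar($oldid) ? (string) $oldid : '');
		 if ($hasPassword) {
			 $sql = "update administrators set user='" . $username . "', password='" . $newspass . "' where id='" . $safeOldId . "'";
		 } else {
			 // Blank password on edit means "keep the current password".
			 $sql = "update administrators set user='" . $username . "' where id='" . $safeOldId . "'";
		 }
	 } elseif ($hasPassword) {
		 $sql = "insert into administrators (user,password) values('" . $username . "','" . $newspass . "')";
	 }
	 // A new administrator submitted with a blank password leaves $sql null and is
	 // reported through the existing err=1 path instead of creating the account.

	 if ($sql !== null && mysql_query($sql)) {
		 echo "<script>window.location='./?act=admin'</script>";
	 } else {
		 echo "<script>window.location='./?act=admin&err=1'</script>";
	 }
 }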
 
?>
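<?php /* Show the validation message only when a handler above set one. */ if (isset($err)) { echo $err; } ?>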
<form method="POST" name="frmList" action="index.php">
<table border="1" cellpadding="2" style="border-collapse: collapse" bordercolor="#D5E2FF" width="100%" id="AutoNumber1">
  <tr>
    <td height="25" colspan="3" align=left class="xtitle">Administrators</td>
    </tr>
  <tr>
    <td width="3%" align=center class="title"><input type="checkbox" name="chkall" onclick="chkallClick(this);"></td>
    <td width="63%" align=left class="title" >Administrator  </td>
    <td width="34%" align="center" nowrap class="title">Action</td>
    </tr>
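<?php
	// Render one table row per administrator, ordered by id ascending.
	$sql = "select * from administrators order by id ASC";
	$result = mysql_query($sql);
	$i = 0;
	// mysql_query() returns false on failure; skip the loop rather than fetch from false.
	while ($result && ($row = mysql_fetch_object($result)))
	{
		$i++;
		// Alternate the row CSS class: "le" on odd rows, "chan" on even rows.
		$class = ($i % 2) ? "le" : "chan";
		// The user name is stored from form input, so every database value is encoded
		// for the context it is written into (HTML attribute/text, URL parameter).
		$rowId = htmlspecialchars($row->id, ENT_QUOTES);
		$rowIdUrl = htmlspecialchars(urlencode($row->id), ENT_QUOTES);
		$rowUser = htmlspecialchars($row->user, ENT_QUOTES);
?>
  <tr class="<?php echo $class; ?>">
    <td align="center">
    <input type="checkbox" name="chk[]" value="<?php echo $rowId; ?>"></td>
    <td align="left" >
	<a href="index.php?act=admin&id=<?php echo $rowIdUrl; ?>&go=edit">
	<b><?php echo $rowUser; ?></b></a></td>
    <td align="center" ><a href="index.php?act=admin&id=<?php echo $rowIdUrl; ?>&go=edit">Change</a></td>
    </tr>
  <?php } ?>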
</table>
 <input type="hidden" name="act" value="admin"><table border="0" width="100%" cellspacing="0" cellpadding="0" id="table1">
	<tr>
		<td>
<input class="button" type="submit" value="Delete" name="ButDel" onclick="return confirm('B&#7841;n có ch&#7855;c ch&#7855;n mu&#7889;n xoá ?');">
<input name="new" type="button" id="new" value="Add new" onclick="window.location='index.php?act=admin&go=new'" class="button" /></td>
    </tr>
</table>
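<?php
// Add/edit form, shown only for ?go=edit or ?go=new. isset() avoids an undefined-index
// notice when the list is opened without a "go" parameter.
if (isset($_GET['go']) && ($_GET['go']=='edit' || $_GET['go']=='new')) {
if (isset($err)) { echo $err; }
// $r is only set in edit mode and is false when the id matched no row, so both fields
// fall back to an empty string; stored values are HTML-encoded for the attribute context.
$formUser = isset($r->user) ? htmlspecialchars($r->user, ENT_QUOTES) : '';
$formId = isset($r->id) ? htmlspecialchars($r->id, ENT_QUOTES) : '';
?>
<table border="1" align="right" cellpadding="2" cellspacing="2" bordercolor="#CCCCCC">
<tr>
<td >
<table border="0" cellpadding="4" bordercolor="#111111" id="AutoNumber2" cellspacing="0">
<tr>
<td align="right"> Username</td>
<td>
<input type="text" name="txtUser" size="34" value="<?php echo $formUser; ?>"></td>
</tr>
<tr>
<td align="right"><?php if ($_GET['go']=='edit') echo 'New'; ?> Password:</td>
<td>
<input type="password" name="txtPwd" size="34"></td>
</tr>
<tr>
<td>
<input type="hidden" name="oldid" value="<?php echo $formId; ?>">
</td>
<td>
<input type="submit" name="butSub" value="Update" class=button>
<input name="cancel" type="button" id="cancel" value="Cancel" onclick="window.location='index.php?act=admin'" class="button" /></td>
</tr>
</table></td>
</tr>
</table>
<?php } ?>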
</form>
